This is my DB access code.
My table name is emplo; emp_id is the primary key in that table.
I'm going to search for an employee using the employee id and get the data into my labels, but I get an error at "SqlDataReader reader = command.ExecuteReader();"

C#
using (SqlConnection conn = new SqlConnection(@"Data Source=MCK-PC\MCKSQL;Initial Catalog=canteen_db;Integrated Security=True"))
// The query is built by string concatenation, and textBox1.ToString() yields the control's
// description (type name plus text), not the typed value, so the SQL that reaches the server is malformed
using (SqlCommand command = new SqlCommand("SELECT * FROM emplo WHERE emp_id =" + textBox1.ToString(), conn))
{
  conn.Open();
  SqlDataReader reader = command.ExecuteReader(); // the error is raised here

  while (reader.Read())
  {
    label1.Text = reader["emp_id"].ToString();
    label2.Text = reader["First_name"].ToString();
    label3.Text = reader["section"].ToString();
    label4.Text = reader["id_no"].ToString();
    label5.Text = reader["ammount"].ToString();
    label6.Text = reader["last_act_date"].ToString();
    label7.Text = reader["last_act_time"].ToString();
  }
}

I'm new to C#.
Thanks in advance!

Use a parameterized query -- do not use concatenation.

http://en.wikipedia.org/wiki/SQL_injection
Comments
Thanks7872 9-Aug-13 1:25am    
My 4. This is absolutely useful. I have provided with the modified code in my solution.
Manoj Chamikara 9-Aug-13 1:43am    
Thank You Rohan It works :)
Thanks7872 9-Aug-13 1:45am    
Use the reply button on the comment, or comment on the answer. That will notify the person, like you got a notification about this comment. Glad to help you.
Sergey Alexandrovich Kryukov 9-Aug-13 1:51am    
Absolutely. This is such a big problem of many. I even voted 5 despite the fact you did not answer the OP's question. This question is just much less important than this big flaw.
—SA
PIEBALDconsult 9-Aug-13 1:55am    
Indeed, and the syntax error could also be caused by the text in the text box.
Try this. Note that I have made use of a parameterized query, which is more secure than what you tried to use.
C#
using (SqlConnection conn = new SqlConnection(@"Data Source=MCK-PC\MCKSQL;Initial Catalog=canteen_db;Integrated Security=True"))
using (SqlCommand command = new SqlCommand("SELECT * FROM emplo WHERE emp_id = @temp", conn))
{
  // The text box value is sent as a parameter value, never spliced into the SQL text,
  // so whatever the user types cannot change the statement
  command.Parameters.AddWithValue("@temp", textBox1.Text);
  conn.Open();
  SqlDataReader reader = command.ExecuteReader();
  while (reader.Read())
  {
       //your code here
  }
  // Close the reader after the loop, not inside it, or the next Read() fails
  reader.Close();
  conn.Close(); // redundant under using, but harmless
}

Regards..:)
Comments
Manoj Chamikara 9-Aug-13 1:43am    
Thank You Rohan It works :) really appreciate your quick response with code

I get this error when reader.Close(); is in the while loop:
Invalid attempt to call Read when reader is closed.

So I put reader.Close(); outside the while loop and now it's OK.

while (reader.Read())
{
//..........

}
reader.Close();
Thanks again
Thanks7872 9-Aug-13 1:56am    
I updated the code.
Manoj Chamikara 9-Aug-13 2:01am    
:)
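As an added example (not code from the question or from either answer), the console program below shows the pattern the thread converges on, with two things the answers leave implicit: the id is validated as an integer at the UI boundary, and the parameter is declared with an explicit SqlDbType instead of letting AddWithValue infer NVARCHAR for an INT column. It also prints what the question's concatenation would have sent, which is why inputs like "42abc" produced a syntax error (and textBox1.ToString() returns the control's type name plus its text, not the value). It assumes System.Data.SqlClient as shipped with .NET Framework, that emplo.emp_id is an INT column, and a hypothetical TryLoadEmployee helper in place of the form's label assignments; the demo never opens a connection, it only builds the commands.

```csharp
// Added example, not from the original question or answers.
// Assumes System.Data.SqlClient (.NET Framework) and that emplo.emp_id is an INT column.
using System;
using System.Data;
using System.Data.SqlClient;

static class EmployeeLookup
{
    // The SQL text is a constant. The user's value only ever travels as @emp_id,
    // so it cannot change the structure of the statement.
    public static SqlCommand BuildLookup(SqlConnection conn, int empId)
    {
        var command = new SqlCommand(
            "SELECT emp_id, First_name, section, id_no, ammount, last_act_date, last_act_time " +
            "FROM emplo WHERE emp_id = @emp_id", conn);
        // Declare the type explicitly: AddWithValue would infer NVARCHAR from a string
        // and force SQL Server to convert the INT column on every row.
        command.Parameters.Add("@emp_id", SqlDbType.Int).Value = empId;
        return command;
    }

    // Validate at the UI boundary so bad input is reported to the user
    // instead of producing a malformed statement or a conversion error.
    public static bool TryParseEmpId(string text, out int empId)
    {
        return int.TryParse((text ?? "").Trim(), out empId);
    }

    // What the question's concatenation produces for a given text-box value.
    // Returned only so the difference is visible; SQL built this way is never executed here.
    public static string ConcatenatedSql(string textBoxValue)
    {
        return "SELECT * FROM emplo WHERE emp_id =" + textBoxValue;
    }

    // Hypothetical helper standing in for the form's label assignments.
    // Every disposable sits in a using block, so the reader and connection are
    // closed even if bind() throws (no hand-placed Close() calls to get wrong).
    public static bool TryLoadEmployee(string connectionString, int empId, Action<IDataRecord> bind)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var command = BuildLookup(conn, empId))
        {
            conn.Open();
            using (var reader = command.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read())
                    return false;   // no row with that emp_id
                bind(reader);
                return true;
            }
        }
    }

    static void Main()
    {
        // Constructed sample inputs: things a user might type into textBox1.
        string[] inputs = { "42", " 42 ", "42abc", "" };
        foreach (string input in inputs)
        {
            Console.WriteLine("Input \"" + input + "\"");
            Console.WriteLine("  concatenated : " + ConcatenatedSql(input));
            int empId;
            if (TryParseEmpId(input, out empId))
            {
                using (var conn = new SqlConnection())        // never opened; demo only
                using (var cmd = BuildLookup(conn, empId))
                {
                    Console.WriteLine("  parameterized: " + cmd.CommandText
                        + "   [@emp_id = " + cmd.Parameters["@emp_id"].Value + "]");
                }
            }
            else
            {
                Console.WriteLine("  parameterized: rejected before any SQL is sent (not an integer)");
            }
        }
        // In the form's search handler you would write (connStr is hypothetical):
        // int id;
        // if (!TryParseEmpId(textBox1.Text, out id)) { MessageBox.Show("Enter a numeric id"); return; }
        // if (!TryLoadEmployee(connStr, id, r => { label1.Text = r["emp_id"].ToString(); /* ... */ }))
        //     MessageBox.Show("No employee with that id");
    }
}
```

The parameterized CommandText is identical for every input; only the parameter value changes, which is the property that makes the query safe. The concatenated string changes shape with the input, which is why the original code could fail with a syntax error on harmless typos and why the first answer calls it a bigger problem than the error message itself.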

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)